Secure coding guidelines on working with archive files
What does this MR do and why?
Adds a section in the secure coding guidelines on working with archive files. The section covers Zip Slip/path traversal and symlink vulnerabilities, which are the two most commonly seen vulnerabilities in applications working with archives.
/cc @gitlab-com/gl-security/appsec
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
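The two checks named in the description above (Zip Slip/path traversal and symlinks) can be sketched as follows. This is an added illustration, not code from the MR or from GitLab's guidelines: the `Entry` struct, the function names and the sample entries are constructed, POSIX-style paths are assumed, and rejecting every link entry is one possible policy.

```ruby
# Added example: all names and entries below are constructed, not GitLab code.
Entry = Struct.new(:name, :type, :link_target) # hypothetical archive entry metadata

# Returns nil if the entry may be written under dest_dir, else the reason to reject it.
def reject_reason(dest_dir, entry)
  dest = File.expand_path(dest_dir)
  # Policy assumed here: never materialize links from an untrusted archive.
  return :link_entry if %i[symlink hardlink].include?(entry.type)
  return :absolute_path if entry.name.start_with?('/')

  # Normalize "." and ".." lexically, then require the result to stay under dest.
  # The trailing separator stops "/srv/out-evil" from matching "/srv/out".
  target = File.expand_path(File.join(dest, entry.name))
  return :path_traversal unless target.start_with?(dest + File::SEPARATOR)

  # A lexical check cannot see links already on disk (for example from an
  # earlier entry), so refuse to write through any symlinked component.
  current = dest
  target.delete_prefix(dest + File::SEPARATOR).split(File::SEPARATOR).each do |part|
    current = File.join(current, part)
    return :symlinked_component if File.symlink?(current)
  end
  nil
end

# Maps each entry name to its rejection reason (nil means safe to extract).
def audit(dest_dir, entries)
  entries.to_h { |e| [e.name, reject_reason(dest_dir, e)] }
end

SAMPLE_ENTRIES = [ # constructed
  Entry.new('docs/readme.txt', :file, nil),
  Entry.new('docs/../notes.txt', :file, nil),
  Entry.new('../outside.txt', :file, nil),
  Entry.new('/abs.txt', :file, nil),
  Entry.new('shortcut', :symlink, '../elsewhere'),
  Entry.new('existing_link/file.txt', :file, nil)
].freeze
```

Run `audit` against the real extraction directory immediately before writing each entry, since the symlinked-component check depends on what is already on disk.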